[ONGOING] masterclass: Kubernetes Self healing, networking, HA large scale, Mesh, TLS ...
โ 37 mins - Kubernetes Design Principles: Understand the Why - Saad Ali, Google
ย ๐ Link to YT: hereKubernetes is quickly becoming indispensable for managing and deploying workloads on distributed systems across both cloud and on-prem environments. While most people are now familiar with how to use Kubernetes, few are aware of the โwhyโ behind it. Why does the Kubernetes API look the way it does? Why do Kubernetes components only interact with each other through the Kubernetes API? Why is there a PersistentVolumeClaim object when you could easily reference a volume directly from a pod? To answer these questions and help you develop a deeper understanding of Kubernetes, this talk exposes the principles underpinning the design of Kubernetes.
โ About TLS and cert-manager
๐ cert-manager โ Past, Present and Future โ Jake Sanders (cert-manager Maintainer) & Ashley Davis (Jetstack): ๐ฅ Watch here | ๐ Slides | ๐งพ Summary
cert-manager is the Cloud Native way to manage X.509 certificates inside Kubernetes. It's often one of the first tools administrators install on a new cluster, reaching over 15 million image pulls per day! The project recently entered the CNCF incubation phase after two years in the sandbox. In this talk, two maintainers discuss why cert-manager matters, its evolution, and whatโs next.
๐ Cert-Manager Beyond Ingress โ Exploring the Variety of Use Cases - Matthew Bates, Jetstack ๐ฅ Watch here | ๐ Slides | ๐งพ Summary
Cert-manager is a widely used project for the automation of X.509 TLS certificates. In 2020, it reached 1.0 and landed in the CNCF Sandbox. cert-manager has been popularised by its support of ACME and Ingress, enabling many millions of certificates to be issued and renewed, and to help secure the cloud native web with Kubernetes and all the various ingress controllers. But cert-manager, with its custom resources and controllers, extensible with issuers including those out-of-tree, can also be used for a myriad of other use cases in which certificates are required. This talk will walk through the various use cases for cert-manager, including ingress, control plane and nodes (kubeadm, CAPI), webhooks, intra-service mTLS (cert-manager-csi) and service mesh (OpenServiceMesh, Istio).
๐ Best Friends Keep No Secrets: Going Secretless with cert-manager - Ashley Davis & Tim Ramlot, Venafi ๐ฅ Watch here | ๐ Slides | ๐งพ Summary
In today's complex Kubernetes environments, managing secrets securely is a challenge. Traditional methods often involve complex configurations with secret vaults, secret syncing and secret backups. Regardless of which fancy technology is used, secrets always come with a risk of being leaked. Most of the secrets used in traditional applications can be replaced by short-lived certificates. Applications can prove to be the owner of a certificate without sharing any secrets. In Kubernetes, cert-manager can be used to provision these certificates to all applications without sharing any secret information. Table of contents: - Do we actually need secrets? Comparing authentication methods: static secrets vs short-lived secrets and proof of ownership - H ow to issue certificates using cert-manager without using [S|s]ecrets - Compatibility and other challenges
๐ title ๐ฅ Watch here | ๐ Slides | ๐งพ Summary
blablabla...
โ - 35 mins - Certifik8s: All You Need to Know About Certificates in Kubernetes [I] - Alexander Brand, Apprenda
ย ๐ Link to YT: hereCertificates are an integral part of a secure Kubernetes cluster deployment. They are mainly used to secure the Kubernetes API server using TLS, but certificates (and keys) are also used for other cluster functions such as client authentication, encryption of secrets, TLS bootstrapping, and the generation of service account tokens.
Certificates pose interesting challenges to cluster operators. What does the certificate setup look like in an ideal scenario? How long should certificates be valid for? When nearing expiration dates, how can certificates be rotated to ensure the cluster remains operational? These challenges must be understood when it comes to deploying and operating a Kubernetes cluster.
After this talk, you should have a better understanding of:
ย ย ย ย โข How each cluster component uses certificates for secure communications
ย ย ย ย โข How certificates can be used for authentication, including service account tokens
ย ย ย ย โข How the Kubelet TLS bootstrapping process works
ย ย ย ย โข How to plan, generate and deploy the certificates required for a secure cluster
ย ย ย ย โข How to rotate certificates that are nearing their expiration date
About Alexander Brand Alex works on the Kismatic Enterprise Toolkit at Apprenda, making the deployment of production Kubernetes clusters easier. He has been involved with Kubernetes and related projects since early 2016. Before Apprenda, Alex attended Queen's University in Canada, where he majored in Biomedical Computing.
- (5y ago) LISA19 - Deep Dive into Kubernetes Internals for Builders and Operators
- (1y ago) Crossplane Intro and Deep Dive - the Cloud Native Control Plane Framework
Self Healing:
- (1y ago) The Magic of Kubernetes Self-Healing Capabilities - Saad Ali, Google
- (8y ago) Deploying Self Healing Services With Kubernetes w/ Rob Scott
- (1y ago) "Kubernetes self-healing: HA for services and control plane" - Lukasz Sztachanski i Lukasz Luczaj
Networking:
- Understanding Kubernetes Networking in 30 Minutes - Ricardo Katz & James Strong
- Life of a Packet [I] - Michael Rubin, Google
- Tutorial: Communication Is Key - Understanding Kubernetes Networking - Jeff Poole, Vivint Smart Home
- Surviving Day 2 - How to Troubleshoot Kubernetes Networking - Thomas Graf, Isovalent
- Kubernetes Networking Intro and Deep-Dive - Bowei Du & Tim Hockin, Google
- Understanding Kubernetes Networking. Part 1: Container Networking
โ Tutorial: From CNI Zero to CNI Hero: A Kubernetes Networking Tutorial Using CNI
ย ๐ Link to YT: herematerial available here:
fork of demo
- Highly Available Kubernetes Clusters - Best Practices - Meaghan Kjelland & Karan Goel, Google
- (1y ago) Building a Large Scale Multi-Cloud Multi-Region SaaS Platform with Kubernetes Controllers
- (1y ago) Architecting Resilience: Lessons from Managing 7K+ Kubernetes Clusters at Scale
Mesh: Istio and Cilium:
- (5y ago) Demystifying Service Mesh, HashiCorp
- (1y ago) Comparing Sidecar-Less Service Mesh from Cilium and Istio - Christian Posta, Solo.io
- (1y ago) Simplifying Multi-Cluster and Multi-Cloud Deployments with Cilium - Liz Rice, Isovalent
- (1y ago) Istio Ambient Service Mesh Made Simple - Lin Sun, Solo.io
- (1y ago) Best-Practices for Securing Egress Traffic with Istio - Niranjan Shankar, Microsoft
- (6mm ago) What Istio Got Wrong: Learnings from the Last Seven Years of Service Mesh - C. Posta, L. Ryan
- (1y ago) Reliable multi-cluster application architectures with Istio - Ameer Abbas & John Howard, Google
- (1y ago) What Istio Got Wrong: Learnings from the Last Seven Years of Service Mesh - C. Posta, L. Ryan
- (1y ago) Create resilient multi-cluster, multi-regional and multi-tenant architectures with Istio and K8s
| Course | Date | Institution | Lenght | - | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Monitoring Systems and Services with Prometheus (LFS241) | 11/25 - 12/25 | The linux foundation | 25 hours | ๐ข๐ | |||||||||||||||||||||||||
| Clean tech academy | 09/25 - 11/25 | Miticoro foundation | x | ๐ข๐ | |||||||||||||||||||||||||
| Service Mesh Fundamentals (LFS243) | 11/25 | The linux foundation | 20 hours | ๐ข๐ | |||||||||||||||||||||||||
Open week - AI development/engineering workshopFrom Model to Service: Deploying ML Models as REST APIs - AI Engineering Workshop - 3 hoursExpense Manager Agent with Telegram (3h) - AI Development Workshop - 3 hours |
10/25 | Professional AI | 6 hours | ๐ข | |||||||||||||||||||||||||
Advanced Cloud Engineer IT Professional Program (LFS002) โ 06/25 โ The Linux Foundation โ 6 months โ ๐ก๐
|
|||||||||||||||||||||||||||||
| Designing in Italy for Global Citizenship | 10/25 | ProgEU: Progress in European Union | 35 hours | ๐ข๐ | |||||||||||||||||||||||||
| Kubernetes fundamentals (LFS258) | 09/25 | The Linux Foundation | 35 hours | ๐ข๐ | |||||||||||||||||||||||||
| Containers Fundamentals (LFS253) | 07/25 | The Linux Foundation | 40 hours | ๐ข๐ | |||||||||||||||||||||||||
| Fine tuning and deploy of a LLM | 06/25 | ProfessionAI | 2 hours | ๐ข | |||||||||||||||||||||||||
AI Cloud Explained: What It Is, Why It Matters, and How It WorksLink to official course hereExplore how AI Cloud revolutionizes AI workloads by providing scalable computing, seamless integration, and real-time processing. Learn how this powerful infrastructure enables businesses to optimize AI model training, deployment, and performance with efficiency and flexibility. |
06/25 | The Linux Foundation | 2 hours | ๐ข | |||||||||||||||||||||||||
Kubernetes troubleshooting: a step-by-step guideLink to official course hereExplaination and analysis (with Devtron) of the following common errors, their possible root causes and how to fix them: - CRASHLOOPBACKOFF -- OOMKilled -- CPU throttling - ENV Variables/Secrets Mount Issue - Database connection issues |
06/25 | The Linux Foundation | 2 hours | ๐ข | |||||||||||||||||||||||||
| Introduction to Jenkins (LFS167) | 06/25 | The Linux Foundation | 20 hours | ๐ข๐ | |||||||||||||||||||||||||
| Introduction to Kubernetes (LFS158) | 06/25 | The Linux Foundation | 20 hours | ๐ข๐ | |||||||||||||||||||||||||
| Desarrolla una Aplicaciรณn Web con Inteligencia Artificial Usando Endpoints de API (OpenAI) | 05/25 | Nuclio Digital School | 4 hours | ๐ข๐ ๏ธ | |||||||||||||||||||||||||
| Agile management | 05/25 | Nuclio digital school | 16 hours | ๐ข๐ | |||||||||||||||||||||||||
| IA sin cรณdigo + Power BI: Crea, visualiza y decide con datos | 05/25 | Nuclio Digital School | 3 hours | ๐ข๐ ๏ธ | |||||||||||||||||||||||||
Masterclasses on Knative
|
06/25 | 3+ | 3h15m | ๐ข | |||||||||||||||||||||||||
Kubernetes masterclass from Rancher Labs
|
05/25 | Rancher Labs | 6 hours | ๐ขโก | |||||||||||||||||||||||||
| Introduction to Cloud Infrastructure Technologies (LFS151) | 05/25 | The Linux Foundation | 50 hours | ๐ข๐ | |||||||||||||||||||||||||
| Introduction to DevOps and Site Reliability Engineering (LFS162) | 05/25 | The Linux Foundation | 12 hours | ๐ข๐ | |||||||||||||||||||||||||
| Aprende a analizar datos con IA generativa | 04/25 | Nuclio Digital School | 3 hours | ๐ข๐ ๏ธ | |||||||||||||||||||||||||
| DevOps with Docker | 04/25 | University of Helsinki | 3 ECTS | ๐ข๐ | |||||||||||||||||||||||||
| NodeJS - The Complete Guide (MVC, REST APIs, GraphQL, Deno) | 03/25 | Udemy | - | ๐ ๐ฌยน | |||||||||||||||||||||||||
| Full Stack Web Development Course | 01/25 | Nuclio Digital School | 6 months | ๐ข๐ | |||||||||||||||||||||||||
๐ฌยณ = On the bucket list, to start asap
๐ฌยฒ = DevOps with kubernetes starts in june
๐ฌยน = NodeJS ... Stopped to follow others
ECTS = European Credit Transfer and Accumulation System (ECTS)
Resume :
here
badges : here